diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 47e48bc..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -shib-idp-conftree.tar* diff --git a/README.md b/README.md index 43cdf5e..f26284c 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,14 @@ # shib-idp-conftree -`tar cvf shib-idp-conftree.tar --exclude .git .` +## Purpose + +This project contains the configuration tree (structure) for Shibboleth IDP. The are various usage scenarios throughout the build, test, deploy cycle that warrant this abstraction +of the configuration tree. There is a separate repository for the Docker Image which is responsible for building the runtime environment and pulling the configuration trees housed here +to complete a deployment. + +### Configuration Trees + + * `test` branch + * Internal Testing - (TEST) branch/repo that uses the "test bed" which is something that I2 provides (LDAP) and an element to make all integrations. Appropriate for Jenkins and testing environments + * `release` branch + * External Testing - (RELEASE) branch/repo (ultimately will live in Subversion?) for end users diff --git a/conf/#metadata-providers.xml~ b/conf/#metadata-providers.xml~ deleted file mode 100644 index 906556f..0000000 --- a/conf/#metadata-providers.xml~ +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - - - - - md:SPSSODescriptor - - - - - - - diff --git a/conf/access-control.xml b/conf/access-control.xml index 9b23ad7..21af6c3 100644 --- a/conf/access-control.xml +++ b/conf/access-control.xml @@ -12,20 +12,56 @@ default-init-method="initialize" default-destroy-method="destroy"> - + - + + + + + + diff --git a/conf/admin/general-admin.xml b/conf/admin/general-admin.xml new file mode 100644 index 0000000..9b3b180 --- /dev/null +++ b/conf/admin/general-admin.xml @@ -0,0 +1,53 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/conf/admin/metrics.xml b/conf/admin/metrics.xml new file mode 100644 index 0000000..f9b5c16 --- /dev/null +++ b/conf/admin/metrics.xml 
@@ -0,0 +1,129 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml index 92af950..0908192 100644 --- a/conf/attribute-filter.xml +++ b/conf/attribute-filter.xml @@ -1,36 +1,100 @@ + - - + + + + + + + + + + + + + + + + + + + - - - - + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml index d09a1ea..4681b64 100644 --- a/conf/attribute-resolver-full.xml +++ b/conf/attribute-resolver-full.xml @@ -1,28 +1,23 @@ - - @@ -30,266 +25,268 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +--> - + + + + + +--> - + - + + + +--> - + + +--> - + diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml index 9ac44d3..ec79de9 100644 --- a/conf/attribute-resolver-ldap.xml +++ b/conf/attribute-resolver-ldap.xml @@ -13,20 +13,10 @@ encoders, and data connectors. Deployers should refer to the Shibboleth documentation for a complete list of components and their options. --> - + xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd"> @@ -39,33 +29,33 @@ not expose a value for this attribute without considering the long term implications. --> - - - - - + + + + + - - - - - + + + + + - - - - - + + + + + @@ -77,21 +67,28 @@ The connectivity details can be specified in ldap.properties to share them with your authentication settings if desired. --> - - + useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}" + connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}" + trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}" + responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"> + - - %{idp.attribute.resolver.LDAP.returnAttributes} - - %{idp.attribute.resolver.LDAP.trustCertificates} - - + + + - + 
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml index a10d1c8..e111728 100644 --- a/conf/attribute-resolver.xml +++ b/conf/attribute-resolver.xml @@ -1,67 +1,96 @@ - + + xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd"> - - - - - - - - - + + + - - - - + + + + + + - - - - + + + + + + + + + + + + + + + + + - - - - + + + + + + + + + + + - - - member - - - - + + member + + + + - + useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}" + connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}" + responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"> + - - givenName sn displayName mail uid - + + givenName sn displayName mail uid + - + diff --git a/conf/audit.xml b/conf/audit.xml index 9940cec..22949fd 100644 --- a/conf/audit.xml +++ b/conf/audit.xml @@ -18,86 +18,15 @@ + + + http://shibboleth.net/ns/profiles/status - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/conf/authn/duo-authn-config.xml b/conf/authn/duo-authn-config.xml new file mode 100644 index 0000000..0a48152 --- /dev/null +++ b/conf/authn/duo-authn-config.xml @@ -0,0 +1,25 @@ + + + + + + diff --git a/conf/authn/duo.properties b/conf/authn/duo.properties new file mode 100644 index 0000000..2ca71ee --- /dev/null +++ b/conf/authn/duo.properties @@ -0,0 +1,9 @@ +# Duo integration settings + +# Note: If upgrading from pre-3.3 IdP versions, you will need to manually add a pointer +# to this property file to idp.properties. + +idp.duo.apiHost = hostname +idp.duo.applicationKey = key +idp.duo.integrationKey = key +idp.duo.secretKey = key diff --git a/conf/authn/external-authn-config.xml b/conf/authn/external-authn-config.xml index 4ce8f26..8b3a159 100644 --- a/conf/authn/external-authn-config.xml +++ b/conf/authn/external-authn-config.xml 
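Review bot: The LDAP DataConnector in the conf/attribute-resolver.xml hunk gains `useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"`, `connectTimeout` and `responseTimeout`, but unlike the same connector in the conf/attribute-resolver-ldap.xml hunk earlier in this diff it shows no `trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"`. The element tags are mostly stripped from this view, so the attribute may simply not be visible; if it is genuinely absent, the certificate configured via `idp.attribute.resolver.LDAP.trustCertificates` is never applied to this connector and a StartTLS handshake (the default when the authn value is unset) presumably falls back to JVM default trust. Add `trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"` to the connector's opening element so the two resolver files behave identically. The connector's opening element starts earlier in the hunk than the attributes that survive here.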
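Review bot: The new conf/authn/duo.properties commits `idp.duo.secretKey = key` and `idp.duo.applicationKey = key` next to the other two settings as literal placeholders, and the idp.properties hunk later in this diff appends the file to `idp.additionalProperties`, so it is loaded on every start. The README hunk describes this tree as what the Docker image pulls into a deployment, which means the first person who replaces these placeholders with real Duo keys commits them to the repository. Keep the committed file a template and say so in the header, e.g. `# Placeholder values only: inject the real Duo keys at deploy time, never commit them`, or have the deployment supply this file from outside the tree. With placeholders in place the Duo flow is non-functional, which is acceptable as long as it stays out of `idp.authn.flows` (the hunk context shows only `Password` there).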
@@ -16,8 +16,11 @@ - - + + + + + + + + + + + + + + + + + + + + + + + + - + + diff --git a/conf/authn/krb5-authn-config.xml.dist b/conf/authn/krb5-authn-config.xml.dist deleted file mode 100644 index d3590a2..0000000 --- a/conf/authn/krb5-authn-config.xml.dist +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - - diff --git a/conf/authn/ldap-authn-config.xml b/conf/authn/ldap-authn-config.xml index 5626629..56d1bc7 100644 --- a/conf/authn/ldap-authn-config.xml +++ b/conf/authn/ldap-authn-config.xml @@ -21,7 +21,8 @@ @@ -51,7 +52,7 @@ + p:validatePeriodDuration="%{idp.pool.LDAP.validatePeriod:PT5M}" /> + p:prunePeriodDuration="%{idp.pool.LDAP.prunePeriod:PT5M}" + p:idleTimeDuration="%{idp.pool.LDAP.idleTime:PT10M}" /> @@ -72,11 +73,13 @@ - + p:connectionFactory-ref="anonSearchPooledConnectionFactory" > + + + - + p:connectionFactory-ref="bindSearchPooledConnectionFactory" > + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/conf/authn/password-authn-config.xml b/conf/authn/password-authn-config.xml index 5c02196..48b2c3d 100644 --- a/conf/authn/password-authn-config.xml +++ b/conf/authn/password-authn-config.xml @@ -14,8 +14,8 @@ - - + + @@ -31,12 +31,22 @@ - + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - NoCredentials - CLIENT_NOT_FOUND - Client not found - DN_RESOLUTION_FAILURE - - - - - InvalidCredentials - PREAUTH_FAILED - INVALID_CREDENTIALS - - - - - Clients credentials have been revoked - - - - - PASSWORD_EXPIRED - - - - - ACCOUNT_WARNING - - - - - - - - diff --git a/conf/authn/remoteuser-authn-config.xml b/conf/authn/remoteuser-authn-config.xml index b5a923f..4b7e722 100644 --- a/conf/authn/remoteuser-authn-config.xml +++ b/conf/authn/remoteuser-authn-config.xml @@ -15,9 +15,12 @@ - - - + + + + + - + + + + + + + + + + + + + - + \ No newline at end of file diff --git a/conf/idp.properties b/conf/idp.properties index 5e2df04..fb0020a 100644 --- a/conf/idp.properties +++ b/conf/idp.properties 
@@ -1,5 +1,5 @@
 # Load any additional property resources from a comma-delimited list
-idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties
+idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties
 
 # Set the entityID of the IdP
 idp.entityID= https://idp.testbed.tier.internet2.edu/idp/shibboleth
@@ -111,9 +111,13 @@ idp.authn.flows= Password
 #idp.authn.defaultLifetime = PT60M
 #idp.authn.defaultTimeout = PT30M
 
+# Whether to populate relying party user interface information for display
+# during authentication, consent, terms-of-use.
+#idp.authn.rpui = true
+
 # Whether to prioritize "active" results when an SP requests more than
 # one possible matching login method (V2 behavior was to favor them)
-#idp.authn.favorSSO = true
+#idp.authn.favorSSO = false
 
 # Whether to fail requests when a user identity after authentication
 # doesn't match the identity in a pre-existing session.
@@ -146,7 +150,7 @@ idp.authn.flows= Password
 # for use by user interface logic; adds overhead so off by default.
 #idp.logout.elaboration = false
 
-# Whether to require logout requests be signed/authenticated.
+# Whether to require logout requests/responses be signed/authenticated.
 #idp.logout.authenticated = true
 
 # Message freshness and replay cache tuning
@@ -157,7 +161,7 @@ idp.authn.flows= Password
 #idp.replayCache.StorageService = shibboleth.StorageService
 
 # Toggles whether to allow outbound messages via SAML artifact
-#idp.artifact.enabled = true
+idp.artifact.enabled = false
 # Suppresses typical signing/encryption when artifact binding used
 #idp.artifact.secureChannel = true
 # May differ to direct SAML 2 artifact lookups to specific server nodes
@@ -165,11 +169,6 @@ idp.authn.flows= Password
 # Set to custom bean for alternate storage of artifact map state
 #idp.artifact.StorageService = shibboleth.StorageService
 
-# Name of access control policy for various admin flows
-idp.status.accessPolicy= AccessByIPAddress
-idp.resolvertest.accessPolicy= AccessByIPAddress
-idp.reload.accessPolicy= AccessByIPAddress
-
 # Comma-delimited languages to use if not match can be found with the
 # browser-supported languages, defaults to an empty list.
 idp.ui.fallbackLanguages= en,fr,de
@@ -188,7 +187,9 @@ idp.ui.fallbackLanguages= en,fr,de
 # in servlet request under the key "opensamlProfileRequestContext"
 #idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO
 
-# F-TICKS auditing - set salt to include hashed username
+# F-TICKS auditing - set a salt to include hashed username
 #idp.fticks.federation=MyFederation
 #idp.fticks.algorithm=SHA-256
 #idp.fticks.salt=somethingsecret
+#idp.fticks.loghost=localhost
+#idp.fticks.logport=514
diff --git a/conf/intercept/expiring-password-intercept-config.xml b/conf/intercept/expiring-password-intercept-config.xml
new file mode 100644
index 0000000..5447b16
--- /dev/null
+++ b/conf/intercept/expiring-password-intercept-config.xml
@@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + +
diff --git a/conf/intercept/profile-intercept.xml b/conf/intercept/profile-intercept.xml
index fedc2b2..bb3d3a7 100644
--- a/conf/intercept/profile-intercept.xml
+++ b/conf/intercept/profile-intercept.xml
@@ -25,12 +25,30 @@ + + - + + + + + + + + true + TRUE + YES + yes + + + + + +
diff --git a/conf/ldap.properties b/conf/ldap.properties
index 07cf10b..1aafb7c 100644
--- a/conf/ldap.properties
+++ b/conf/ldap.properties
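Review bot: The first hunk here removes `idp.status.accessPolicy`, `idp.resolvertest.accessPolicy` and `idp.reload.accessPolicy` (all `AccessByIPAddress`) from idp.properties, and nothing visible in this diff re-binds those admin flows to a policy; the new conf/admin/general-admin.xml and the edited conf/access-control.xml earlier in the diff are presumably where that now lives, but their element content is not visible in this view. Please confirm that status, resolvertest and reload each still carry an access policy in general-admin.xml and that `AccessByIPAddress` in access-control.xml still names the intended address ranges, since reload and resolvertest expose configuration and attribute-resolution operations to anyone who can reach the endpoints. If the properties were dropped because the IdP no longer reads them, a one-line comment at the removal point naming the file that took over would save the next upgrader the same search.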
@@ -5,10 +5,13 @@
 #idp.authn.LDAP.authenticator = anonSearchAuthenticator
 
 ## Connection properties ##
-idp.authn.LDAP.ldapURL = ldap://ldap.testbed.tier.internet2.edu
+idp.authn.LDAP.ldapURL = ldap://testbed.tier.internet2.edu
 idp.authn.LDAP.useStartTLS = false
 idp.authn.LDAP.useSSL = false
-#idp.authn.LDAP.connectTimeout = 3000
+# Time in milliseconds that connects will block
+#idp.authn.LDAP.connectTimeout = PT3S
+# Time in milliseconds to wait for responses
+#idp.authn.LDAP.responseTimeout = PT3S
 
 ## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
 #idp.authn.LDAP.sslConfig = certificateTrust
@@ -18,7 +21,6 @@ idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-s
 idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
 
 ## Return attributes during authentication
-## NOTE: there is a separate property used for attribute resolution
 idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
 
 ## DN resolution properties ##
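Review bot: The two comments added in the first hunk say "Time in milliseconds", but the values they describe, `PT3S` for `idp.authn.LDAP.connectTimeout` and `idp.authn.LDAP.responseTimeout`, are ISO 8601 durations (the pool settings in the next hunk move to the same `PT5M`/`PT10M` form), so the comment will mislead whoever next edits the value. Reword them to `# Time (ISO 8601 duration) that connects will block` and `# Time (ISO 8601 duration) to wait for responses`. Separately, the unchanged context in this hunk keeps `ldap://` with `useStartTLS = false` and `useSSL = false`, and the next hunk's `idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}` inherits that, so user passwords at login, the bind credential and attribute lookups all cross the network unencrypted; that may be deliberate for the testbed, but since the README names this tree as the template for a release branch it deserves an explicit comment saying so next to `useStartTLS`.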
@@ -40,21 +42,22 @@ idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=example,dc
 # LDAP attribute configuration, see attribute-resolver.xml
 # Note, this likely won't apply to the use of legacy V2 resolver configurations
 idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
+idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout:PT3S}
+idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout:PT3S}
 idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
 idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
 idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
 idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
 idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
 idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
-idp.attribute.resolver.LDAP.returnAttributes = cn,homephone,mail
 
 # LDAP pool configuration, used for both authn and DN resolution
 #idp.pool.LDAP.minSize = 3
 #idp.pool.LDAP.maxSize = 10
 #idp.pool.LDAP.validateOnCheckout = false
 #idp.pool.LDAP.validatePeriodically = true
-#idp.pool.LDAP.validatePeriod = 300
-#idp.pool.LDAP.prunePeriod = 300
-#idp.pool.LDAP.idleTime = 600
-#idp.pool.LDAP.blockWaitTime = 3000
+#idp.pool.LDAP.validatePeriod = PT5M
+#idp.pool.LDAP.prunePeriod = PT5M
+#idp.pool.LDAP.idleTime = PT10M
+#idp.pool.LDAP.blockWaitTime = PT3S
 #idp.pool.LDAP.failFastInitialize = false
diff --git a/conf/logback.xml b/conf/logback.xml
index 2582d1c..104ec4c 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -24,10 +24,6 @@ - - - - + + + + VelocityStatusMatcher + ResourceManager : unable to find resource 'status.vm' in any resource loader. + + VelocityStatusMatcher.matches(formattedMessage) + + DENY +
@@ -106,6 +114,18 @@ UTF-8 %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short} + + + + + + VelocityStatusMatcher + ResourceManager : unable to find resource 'status.vm' in any resource loader. + + VelocityStatusMatcher.matches(formattedMessage) + + DENY +
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
index e10c8b8..1f373e3 100644
--- a/conf/metadata-providers.xml
+++ b/conf/metadata-providers.xml
@@ -1,5 +1,4 @@ - + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + md:SPSSODescriptor + + - - + + +
diff --git a/conf/relying-party.xml b/conf/relying-party.xml
index 28c9193..1f48cff 100644
--- a/conf/relying-party.xml
+++ b/conf/relying-party.xml
@@ -34,14 +34,16 @@ - + + - - + +
diff --git a/conf/services.properties b/conf/services.properties
index 116625a..eee86ee 100644
--- a/conf/services.properties
+++ b/conf/services.properties
@@ -53,7 +53,11 @@ idp.service.cas.registry.checkInterval = PT15M
 #idp.httpclient.useTrustEngineTLSSocketFactory = false
 #idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
 #idp.httpclient.connectionDisregardTLSCertificate = false
-#idp.httpclient.connectionTimeout = -1
+#idp.httpclient.connectionRequestTimeout = 60000
+#idp.httpclient.connectionTimeout = 60000
+#idp.httpclient.socketTimeout = 60000
+#idp.httpclient.maxConnectionsTotal = 100
+#idp.httpclient.maxConnectionsPerRoute = 100
 #idp.httpclient.memorycaching.maxCacheEntries = 50
 #idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
 #idp.httpclient.filecaching.maxCacheEntries = 100
diff --git a/conf/services.xml b/conf/services.xml
index d22fff9..313b636 100644
--- a/conf/services.xml
+++ b/conf/services.xml
@@ -134,12 +134,11 @@ - %{idp.home}/messages/authn-messages - %{idp.home}/messages/consent-messages - %{idp.home}/messages/error-messages + %{idp.home}/messages/messages + %{idp.home}/system/messages/messages
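Review bot: The evaluator filter added in this logback.xml hunk (`VelocityStatusMatcher`, the matched text `ResourceManager : unable to find resource 'status.vm' in any resource loader.`, `VelocityStatusMatcher.matches(formattedMessage)`, `DENY`) is a verbatim copy of the one added to the first appender in the earlier logback.xml hunk, so the two will drift the first time someone adjusts the matched text in one place. Hoist the message into one logback `<property>` near the top of the file (e.g. `<property name="velocityStatusMessage" value="…"/>`, name illustrative) and reference it with `${velocityStatusMessage}` from both evaluators. Because the filter denies on message text, it also silences any future error that happens to carry the same wording, so a one-line comment beside each evaluator naming the IdP behaviour that produces this noise would let the next reader judge whether the suppression is still warranted. The element tags are stripped in this view, so the evaluator structure is inferred from the surviving text.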
diff --git a/credentials/idp-backchannel.crt b/credentials/idp-backchannel.crt deleted file mode 100644 index 78b0409..0000000 --- a/credentials/idp-backchannel.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDZjCCAk6gAwIBAgIVAOFETpFi27881c/E8q+EMl9Q0x3eMA0GCSqGSIb3DQEB -CwUAMCkxJzAlBgNVBAMMHmlkcC50ZXN0YmVkLnRpZXIuaW50ZXJuZXQyLmVkdTAe -Fw0xNjA0MDEwMTU0MTZaFw0zNjA0MDEwMTU0MTZaMCkxJzAlBgNVBAMMHmlkcC50 -ZXN0YmVkLnRpZXIuaW50ZXJuZXQyLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAJHEgwTuY6udWkTkKrIAjy/0NFdqlSQ0KlUesN9806aSTB44kF4z -x3dqLNZ0sXYb42vVkhJs9ClD7+nU/PhYErMdsHFkeEiC/oaNA4KJxraPtQwdcXv7 -qutoiNcGPXAAqNC80OkcqneeWWEo83BYMPA/YB+Oko+qZkaAqaQq6fPUhUZzKxp1 -jkAWFknZXt676MRbqqXMSdLQScJ9DHC1t8m4+R29In8wybMofvmLZ1DzKjQPlRzD -XtEx66USOAoDZLXzmSkYPOx8Rq3HoEsIWnjUOXIA7zurKqyv3qe9Dwy6XYdBpvpw -JYtpfL9I7P5ftAqgDAd0nUuro7m133EHTXsCAwEAAaOBhDCBgTAdBgNVHQ4EFgQU -x7OgBHgTB2AYpVTo5OaIMlLOVgEwYAYDVR0RBFkwV4IeaWRwLnRlc3RiZWQudGll -ci5pbnRlcm5ldDIuZWR1hjVodHRwczovL2lkcC50ZXN0YmVkLnRpZXIuaW50ZXJu -ZXQyLmVkdS9pZHAvc2hpYmJvbGV0aDANBgkqhkiG9w0BAQsFAAOCAQEAdt2uTZVH -DflxXQ4MkPrPIP99xeTZfYc9Y9bwCMjt21+cDfnu92MzlbYzQ9txLQcw30iFc0Zj -i7gys2m+/dp8zRjB++RfXirbNyZUSo/KQIr1GrWeoIJ8CMVafRRw+46RJA/3GsSN -/0zX1sFJHz0q8WrKZMh2c4P7ejwuVp1JSh0vWZxXhyhHuSklygSvG6XXUPlBwB8p -QbZEuxKgalDTQSaa5vza0d+0ocgaaybMnex6N7MD1Lvsh/qEy+Yxc1/4ruay7nmk -2mXmsTUWN3majWZjsCJCMNrugom03rhC3BhnuLA/tYAHOiSt8W4zdfqf2/ShWRjJ -4HpJj1hbzraYTw== ------END CERTIFICATE----- diff --git a/credentials/idp-backchannel.p12 b/credentials/idp-backchannel.p12 deleted file mode 100644 index 91a22fc..0000000 Binary files a/credentials/idp-backchannel.p12 and /dev/null differ diff --git a/credentials/idp-encryption.crt b/credentials/idp-encryption.crt deleted file mode 100644 index 43d508f..0000000 --- a/credentials/idp-encryption.crt +++ /dev/null 
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDZTCCAk2gAwIBAgIUXt4aAKQ9aNNGsvwLPlsHphaOfoEwDQYJKoZIhvcNAQEL -BQAwKTEnMCUGA1UEAwweaWRwLnRlc3RiZWQudGllci5pbnRlcm5ldDIuZWR1MB4X -DTE2MDQwMTAxNTQxNVoXDTM2MDQwMTAxNTQxNVowKTEnMCUGA1UEAwweaWRwLnRl -c3RiZWQudGllci5pbnRlcm5ldDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAoIGFGiOtOc4wCWQdxkupjRlebjY7PGUu+qayLzy/vA2Q9ZaPbFCt -/BfrKxCofOnZYyDV0hNphEzni/Iedrbp25hquvN0EvVnNxbXdkwWWP3NtqJNrlKt -NKtF9kUnJm1jHLqaM1Zn3rubBk4mdPJy8gqPAf+K5TVeeeKBdRySdlpXAnf3Ag98 -pAFSJI4zSGiV95NJ4qvqDg65RgoqDrsDCazoNLpW2jsSUhdlwmstsmKNm6Jp4XKj -Es+3uI/b5IZSld0YEiLPBmCI3CUOx4ssTJHZta69Y5uBBCV8f5vHg9JnAu3j7YaK -ARLScxBDN+edYRMnNN3emMFHXHRX/Jv75wIDAQABo4GEMIGBMB0GA1UdDgQWBBT+ -i3k4bakmyCBAf5dCGpkk4w81HjBgBgNVHREEWTBXgh5pZHAudGVzdGJlZC50aWVy -LmludGVybmV0Mi5lZHWGNWh0dHBzOi8vaWRwLnRlc3RiZWQudGllci5pbnRlcm5l -dDIuZWR1L2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IBAQB9obiWK3jK -MOmD3IJ3q8VzVtZ/8YRNR5OfIl0t1aA1ayXaOAt/NfVrawusDglkHoKnsnfSOrgW -6KeKu22IOoZtbepCBw+ExxLJbHElPRxEP/KO0kF/cKk3eBhabObfASK6GsWaFbZc -W3XkjDNsallC1rmLCS8utWwZu/N6jKcngIWR3O6y3CSTpTN1ndy7efGSgOR/V53S -39WBfzCOCcqKoVAJj0sTPHnrLLE103w++sakYR+apAwStj76TuIDQVAN3S6KJ4BQ -sWDAiZvF7GD/EWP9W3T9jgH159tlL0bqBKdBOkLiH+lDSZsi3dJ7nNeaMEB8jl89 -9ruHytM7gLu8 ------END CERTIFICATE----- diff --git a/credentials/idp-encryption.key b/credentials/idp-encryption.key deleted file mode 100644 index 88d9814..0000000 --- a/credentials/idp-encryption.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAoIGFGiOtOc4wCWQdxkupjRlebjY7PGUu+qayLzy/vA2Q9ZaP -bFCt/BfrKxCofOnZYyDV0hNphEzni/Iedrbp25hquvN0EvVnNxbXdkwWWP3NtqJN -rlKtNKtF9kUnJm1jHLqaM1Zn3rubBk4mdPJy8gqPAf+K5TVeeeKBdRySdlpXAnf3 -Ag98pAFSJI4zSGiV95NJ4qvqDg65RgoqDrsDCazoNLpW2jsSUhdlwmstsmKNm6Jp -4XKjEs+3uI/b5IZSld0YEiLPBmCI3CUOx4ssTJHZta69Y5uBBCV8f5vHg9JnAu3j -7YaKARLScxBDN+edYRMnNN3emMFHXHRX/Jv75wIDAQABAoIBAQCMUM5YjKnqZ/uM -qi5xZUHjbTMlbFmaseZBD6ukKhqAPufkGuxlR57iTNK1AkoZcaIuy8zBa2EKXOTr -bg39wGhvJi7gIubtkAXcniZcb6X1xGOrbvY0GGj9K2HtKoVQTb6gpe0aRkZl7GJZ -P8bU5ANi36InoAv/1wkxyrdb909/EJLmovM2SeagIjHyGVx94D6hb/akNeFgxnJg -utPqTA58Jzp00TPl+gnAtu3SU5pzHTjkk9YaXDR+WdNSF2pkuFV2NZ6IDAkqlGLa -SfVQQrYpFCjVCAB9jIp2ref6k15iagy3VW8z7U8dnu4ITymjAcOUDK0KKwHUEc0P -WNyIyT95AoGBAOpr1x1lAiriNjL0c9aryL6K09skv0yGpCaukPotMnvp2S5x33aJ -2vXP5BCdglwQFXuSrJHmcF0LGpy0nble9UtxjHwNdzzMFmSWDAR6zCEj7Mr8sxnP -95L7rKrJouXvpfTxRF+KI20U9J3F/xHKC0WG4AYzVolgc497lQxcHO+jAoGBAK9H -26hRjkmBBJQt1OwgdQPz0hQKN6zNkr7987Z4CIo7uUMKDufp5pElCen1WziCC9Di -WxP3TIFiTMukQTiLkZAy5h9/jubik0D/S2vwcNspYpMdw+rdhwCTTJN09kEGuXV0 -R8xiOR69wU/sI+bksl7FIXhP3tSS7Q9wESFk/3btAoGAdOw070RiQGF0BxZGcNxd -1CwKX1OE1vaRCXoodZ/1fji1SqUhgE5iGBkI+ACX9LNRA8G0sVDu2nmfXGn6AWuL -jYWlPHq67mgdAy6T7+gPyLfSc6x26HkCUx2UkdrglS9i5zkvkTelU9MP72HCR20v -Eg6jznPsxbiF6xsIzJFlHWECgYBNBhe5hHUxSbe4YdeCF9Uz8m3rjn3eust0kGYL -Vf3yuMH1erMIKFnAiHUt0TrPvx3wIbgCMxb0eDzk8/4RGgvSQPus9cHXJdOtqUH8 -YcFGHY6KtXbFe6l6kEADQE+CTbErsvhmEPem0Z3kQBGawf679IZ7tyVlZlc0BHwS -n64/FQKBgF6UQ9BdRywiifsXnRK4cb0Kwaaru3TlMKM+NiPO30AmWxp6nXn8FqaO -tAz+3SFxrnDFBf5xymiOe5klDwGFxyiabuzima6QmmBgb/Wn6/HZdLAInlAjIokN -519M0/Yps7huYk6HS5ixNoynj4INlni+fBCnlAF6xhwDYIeiWV8b ------END RSA PRIVATE KEY----- diff --git a/credentials/idp-signing.crt b/credentials/idp-signing.crt deleted file mode 100644 index 9f9ab27..0000000 --- a/credentials/idp-signing.crt +++ /dev/null 
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDZjCCAk6gAwIBAgIVAOMpm2MaJi2ZzTCDARxq7wZG8gPlMA0GCSqGSIb3DQEB -CwUAMCkxJzAlBgNVBAMMHmlkcC50ZXN0YmVkLnRpZXIuaW50ZXJuZXQyLmVkdTAe -Fw0xNjA0MDEwMTU0MTVaFw0zNjA0MDEwMTU0MTVaMCkxJzAlBgNVBAMMHmlkcC50 -ZXN0YmVkLnRpZXIuaW50ZXJuZXQyLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAJKkiQrjCYuaG3pu2XWmwlZmkyLFoBP+SFSk1aHh7sCFvu8Dt4/o -EndpjBLsJw1ZgrpKVZTo1nBHHycFwp0Lmx31wgQYqabqSp/yWvTMxWpCBOJfRLD5 -9SbDk0hykvsUpa+MH9FeEerxNHhoKOiHxKtk9zSuaevoKzGjPDr4TFMgS6qtJdQn -H+RwTTpLBuWPlCsTfInvWd/0n2qMukvOt9oqs1Modu14Oy/O6uWyypk82IEG6Nxs -ngARR8XncYPbmahte6xR/Lk/eFHQNBg6+haAFPUjTdoD9+4EBVCPmdaDGhQzjoLl -Z5KTlorEPGPfdsFEe5EslILCdGQvhH/N7/cCAwEAAaOBhDCBgTAdBgNVHQ4EFgQU -UeUgJ5t3CTd3WIB0sSHonn5lAKgwYAYDVR0RBFkwV4IeaWRwLnRlc3RiZWQudGll -ci5pbnRlcm5ldDIuZWR1hjVodHRwczovL2lkcC50ZXN0YmVkLnRpZXIuaW50ZXJu -ZXQyLmVkdS9pZHAvc2hpYmJvbGV0aDANBgkqhkiG9w0BAQsFAAOCAQEAHgikn/w/ -Np0ayFaqi1HVnktowUqNcaY9IkUfQ81pEYSyIi6WEbd8r78735rlEpJ7GaT+ggZY -E672rLnfHa2yID1xHVp+VNp0hyDcokETCUknTDovUUFr1pfF0qM9pxDjsTg7n1EC -zeqBKLKfB04nBuk8rsTDM5X+pii5LabFtslItsKMq6uraLrYWMC2CUCPUiTPN4VV -nwQpz3Qam32mxE0khppppd54zQi39SKPhQMDtZaDFcrNtMUAB/0sysk/kNE/mvm4 -33Gn///Wic20pR31EJNxOgokuJ8M182gEGeJbV9ymtld/L8lBtIWbPH65RqNKuR1 -TzizVs6q/jei7A== ------END CERTIFICATE----- diff --git a/credentials/idp-signing.key b/credentials/idp-signing.key deleted file mode 100644 index b2f08ca..0000000 --- a/credentials/idp-signing.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAkqSJCuMJi5obem7ZdabCVmaTIsWgE/5IVKTVoeHuwIW+7wO3 -j+gSd2mMEuwnDVmCukpVlOjWcEcfJwXCnQubHfXCBBippupKn/Ja9MzFakIE4l9E -sPn1JsOTSHKS+xSlr4wf0V4R6vE0eGgo6IfEq2T3NK5p6+grMaM8OvhMUyBLqq0l -1Ccf5HBNOksG5Y+UKxN8ie9Z3/Sfaoy6S8632iqzUyh27Xg7L87q5bLKmTzYgQbo -3GyeABFHxedxg9uZqG17rFH8uT94UdA0GDr6FoAU9SNN2gP37gQFUI+Z1oMaFDOO -guVnkpOWisQ8Y992wUR7kSyUgsJ0ZC+Ef83v9wIDAQABAoIBAFTJFQNaabZxj9mm -Jc1EcbCK9h9wrDFjIGbwNyS2ANkHe3GucH+f6q1oNTjrmVi6nD8ho4HJbdLVDEn/ -ppouj60u3tKHf++mHyeDdNt9Wdcp/LD17D13CCs1gP6uYBUTxwhMuEjRXwK8G15S -uvRXK3r9kYDAJzXisrasbrKZxWd5sLiFN3zrk5M7lEAOoZuH6kngnZnndS9T1h1p -lH2gWvy2XxZhQ+vXpa8JhWxzbUY+SrV2LOLPzIm7IiMJskTnlsK7/Mvi7kSEqPcQ -45fYqxBINjM1zRrKjSYjjDsYRPVxuxHRt1QzFMrdOOy0JeAunEU2rIQWzicGeUTr -Q32UZEECgYEAwojkoLEfsJdbvPly8PRkOkEFbVx31QxZ1gjUu2xxUmqAxD88dozM -f5L7EoMYNoXR/VBZel7/fXFnz1mcDMQHP37rxEJhot6XN/jGRaOFiBRRLowu8wul -X+f4bZRGzZfawIKjC4yCo4LkI28aSPmF/ByB1XwdCrpcZALtPI3hwi8CgYEAwPnb -ASnRhKiCQhMnXQcvCo8nKxOY+x6d6WWcvgwAx74v1wxaTHF0rJ+CHvxrb8Vmy9Cn -lBnWavHJ9FBvB5RVxfIkg2Sk26DAbY+kYjj04OHd//qPjWscrqpLIzdnMx080TUp -3bJZhFM7b7CkEbURbfhvL7mIzrxzJEYYlHjGJLkCgYBAm8KC9BC4T6yyOI7KJADd -sBajWaCa630yrsAodz2zx5d4lh/4p46LmD82yL9T7GHvpa3yDHcCLJXzsak4PCrE -Fd0r03gl5ZOHjWIcYtDIfybvNLOrGOUV0y8ZBbP2OEb4xOptvX7t21z1v8KVFfo/ -3x/nzU6/72Eb/jTYda7TFQKBgHgXxfw+Wx5Ug+O86cVSICtRFU4QfybgUeObEeWP -sLidmkYZcOSbwsFe7up7qhy/245Bhth7D940JLt/hulPneV3INQIQTRRIQ/N0b4y -tepxhee0tbuLiikE34fGBdpgeqWzkR9fy6e26IlEg4ZlibhHYGJx8zq9Oma7nLZh -RuY5AoGARv6jYkWOggjdrlZN1vwXDLkhGFi0t0KJF18/7A8x7NxznRzJm+2G+cpd -T/xb0m25ft9jpk6SS8H9jCfkFkf0Kpow5th8A0abADp2eLc4ZSNVqA0yD0nqD7WW -DULEdHbGSjd55DO+pzlb6dxXZa98qmo5FS+UXPcOlEsNci2wyO4= ------END RSA PRIVATE KEY----- diff --git a/credentials/sealer.jks b/credentials/sealer.jks deleted file mode 100644 index ca9fdfa..0000000 Binary files a/credentials/sealer.jks and /dev/null differ diff --git a/credentials/sealer.kver b/credentials/sealer.kver index 2f1ad21..562fc1d 100644 
--- a/credentials/sealer.kver +++ b/credentials/sealer.kver @@ -1,2 +1 @@ -#Fri Apr 01 01:54:16 UTC 2016 -CurrentVersion=1 +CurrentVersion=1 \ No newline at end of file diff --git a/dist/conf/access-control.xml.dist b/dist/conf/access-control.xml.dist deleted file mode 100644 index 9b23ad7..0000000 --- a/dist/conf/access-control.xml.dist +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/dist/conf/attribute-filter.xml.dist b/dist/conf/attribute-filter.xml.dist deleted file mode 100644 index f8c41ba..0000000 --- a/dist/conf/attribute-filter.xml.dist +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/attribute-resolver-full.xml.dist b/dist/conf/attribute-resolver-full.xml.dist deleted file mode 100644 index d09a1ea..0000000 --- a/dist/conf/attribute-resolver-full.xml.dist +++ /dev/null @@ -1,295 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/attribute-resolver-ldap.xml.dist b/dist/conf/attribute-resolver-ldap.xml.dist deleted file mode 100644 index 9ac44d3..0000000 --- a/dist/conf/attribute-resolver-ldap.xml.dist +++ /dev/null @@ -1,97 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - %{idp.attribute.resolver.LDAP.returnAttributes} - - %{idp.attribute.resolver.LDAP.trustCertificates} - - - - diff --git a/dist/conf/attribute-resolver.xml.dist b/dist/conf/attribute-resolver.xml.dist deleted file mode 100644 index 52b475a..0000000 --- a/dist/conf/attribute-resolver.xml.dist +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - uid - - - - - - - - - - - - - - - - - member - - - - diff --git a/dist/conf/audit.xml.dist b/dist/conf/audit.xml.dist deleted file mode 100644 index 9940cec..0000000 --- a/dist/conf/audit.xml.dist +++ /dev/null 
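Review bot: `credentials/sealer.kver` keeps `CurrentVersion=1` while the keystore it indexes, `credentials/sealer.jks`, is deleted in the same commit, so a deployment built from this tree gets a version pointer with no key behind it; either remove the kver file together with the jks or state in the README where the sealer is expected to be provisioned. More importantly, the private material removed throughout this commit (idp-signing.key, idp-encryption.key, idp-backchannel.p12, sealer.jks) stays recoverable from repository history, so deleting it from the working tree does not un-expose it: treat those keys as exposed, generate fresh signing, encryption, back-channel and sealer keys wherever they are provisioned, and re-publish the IdP metadata that carries the signing and encryption certificates. The dropped timestamp comment and the `\ No newline at end of file` marker are harmless on their own.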
@@ -1,103 +0,0 @@ - - - - - - - - - - - http://shibboleth.net/ns/profiles/status - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/authn/authn-comparison.xml.dist b/dist/conf/authn/authn-comparison.xml.dist deleted file mode 100644 index f167b7a..0000000 --- a/dist/conf/authn/authn-comparison.xml.dist +++ /dev/null @@ -1,77 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified - - - diff --git a/dist/conf/authn/authn-events-flow.xml.dist b/dist/conf/authn/authn-events-flow.xml.dist deleted file mode 100644 index 244e1db..0000000 --- a/dist/conf/authn/authn-events-flow.xml.dist +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/dist/conf/authn/external-authn-config.xml.dist b/dist/conf/authn/external-authn-config.xml.dist deleted file mode 100644 index 4ce8f26..0000000 --- a/dist/conf/authn/external-authn-config.xml.dist +++ /dev/null @@ -1,62 +0,0 @@ - - - - - - - - - - - - - - - - - UnknownUsername - - - - - InvalidPassword - - - - - ExpiredPassword - - - - - ExpiringPassword - - - - - diff --git a/dist/conf/authn/general-authn.xml.dist b/dist/conf/authn/general-authn.xml.dist deleted file mode 100644 index f127a13..0000000 --- a/dist/conf/authn/general-authn.xml.dist +++ /dev/null @@ -1,114 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - - - - diff --git a/dist/conf/authn/ipaddress-authn-config.xml.dist b/dist/conf/authn/ipaddress-authn-config.xml.dist deleted file mode 100644 index a3ee096..0000000 --- a/dist/conf/authn/ipaddress-authn-config.xml.dist +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - - 
diff --git a/dist/conf/authn/jaas-authn-config.xml.dist b/dist/conf/authn/jaas-authn-config.xml.dist deleted file mode 100644 index daef4d2..0000000 --- a/dist/conf/authn/jaas-authn-config.xml.dist +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - ShibUserPassAuth - - - - - diff --git a/dist/conf/authn/jaas.config.dist b/dist/conf/authn/jaas.config.dist deleted file mode 100644 index 232e93d..0000000 --- a/dist/conf/authn/jaas.config.dist +++ /dev/null @@ -1,11 +0,0 @@ -ShibUserPassAuth { - /* - com.sun.security.auth.module.Krb5LoginModule required; - */ - - org.ldaptive.jaas.LdapLoginModule required - ldapUrl="ldap://localhost:10389" - baseDn="ou=people,dc=example,dc=org" - userFilter="uid={user}"; - -}; \ No newline at end of file diff --git a/dist/conf/authn/krb5-authn-config.xml.dist b/dist/conf/authn/krb5-authn-config.xml.dist deleted file mode 100644 index d3590a2..0000000 --- a/dist/conf/authn/krb5-authn-config.xml.dist +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - - diff --git a/dist/conf/authn/ldap-authn-config.xml.dist b/dist/conf/authn/ldap-authn-config.xml.dist deleted file mode 100644 index 5626629..0000000 --- a/dist/conf/authn/ldap-authn-config.xml.dist +++ /dev/null @@ -1,130 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/authn/password-authn-config.xml.dist b/dist/conf/authn/password-authn-config.xml.dist deleted file mode 100644 index be8b06f..0000000 --- a/dist/conf/authn/password-authn-config.xml.dist +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NoCredentials - CLIENT_NOT_FOUND - Client not found - DN_RESOLUTION_FAILURE - - - - - InvalidCredentials - PREAUTH_FAILED - INVALID_CREDENTIALS - - - - - Clients credentials have been revoked - - - - - PASSWORD_EXPIRED - - - - - ACCOUNT_WARNING - - - - - - - - 
diff --git a/dist/conf/authn/remoteuser-authn-config.xml.dist b/dist/conf/authn/remoteuser-authn-config.xml.dist deleted file mode 100644 index b5a923f..0000000 --- a/dist/conf/authn/remoteuser-authn-config.xml.dist +++ /dev/null @@ -1,67 +0,0 @@ - - - - - - - - - - - - - - - - - NoCredentials - - - - - UnknownUsername - - - - - InvalidPassword - - - - - ExpiredPassword - - - - - ExpiringPassword - - - - - diff --git a/dist/conf/authn/remoteuser-internal-authn-config.xml.dist b/dist/conf/authn/remoteuser-internal-authn-config.xml.dist deleted file mode 100644 index 9e68c85..0000000 --- a/dist/conf/authn/remoteuser-internal-authn-config.xml.dist +++ /dev/null @@ -1,63 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/authn/spnego-authn-config.xml.dist b/dist/conf/authn/spnego-authn-config.xml.dist deleted file mode 100644 index 404d7e9..0000000 --- a/dist/conf/authn/spnego-authn-config.xml.dist +++ /dev/null @@ -1,69 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - SPNEGONotAvailable - - - - - NTLMUnsupported - - - - - diff --git a/dist/conf/authn/x509-authn-config.xml.dist b/dist/conf/authn/x509-authn-config.xml.dist deleted file mode 100644 index 0e54f45..0000000 --- a/dist/conf/authn/x509-authn-config.xml.dist +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - - - - - - - - NoCredentials - InvalidCredentials - - - - - diff --git a/dist/conf/authn/x509-internal-authn-config.xml.dist b/dist/conf/authn/x509-internal-authn-config.xml.dist deleted file mode 100644 index bad3029..0000000 --- a/dist/conf/authn/x509-internal-authn-config.xml.dist +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - diff --git a/dist/conf/c14n/attribute-sourced-subject-c14n-config.xml.dist b/dist/conf/c14n/attribute-sourced-subject-c14n-config.xml.dist deleted file mode 100644 index 938b30f..0000000 --- a/dist/conf/c14n/attribute-sourced-subject-c14n-config.xml.dist +++ /dev/null 
@@ -1,44 +0,0 @@ - - - - - - altuid - - - - - altuid - - - - - - - - - - - - - diff --git a/dist/conf/c14n/simple-subject-c14n-config.xml.dist b/dist/conf/c14n/simple-subject-c14n-config.xml.dist deleted file mode 100644 index 3cddfa6..0000000 --- a/dist/conf/c14n/simple-subject-c14n-config.xml.dist +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - - - diff --git a/dist/conf/c14n/subject-c14n-events-flow.xml.dist b/dist/conf/c14n/subject-c14n-events-flow.xml.dist deleted file mode 100644 index d7458cd..0000000 --- a/dist/conf/c14n/subject-c14n-events-flow.xml.dist +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/dist/conf/c14n/subject-c14n.xml.dist b/dist/conf/c14n/subject-c14n.xml.dist deleted file mode 100644 index 16fc6f1..0000000 --- a/dist/conf/c14n/subject-c14n.xml.dist +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName - urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos - - - - - - - - - - - - - - - - - diff --git a/dist/conf/c14n/x500-subject-c14n-config.xml.dist b/dist/conf/c14n/x500-subject-c14n-config.xml.dist deleted file mode 100644 index 1ae25e4..0000000 --- a/dist/conf/c14n/x500-subject-c14n-config.xml.dist +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - 2.5.4.3 - - - - - - - - - - - - - diff --git a/dist/conf/cas-protocol.xml.dist b/dist/conf/cas-protocol.xml.dist deleted file mode 100644 index 09a05ef..0000000 --- a/dist/conf/cas-protocol.xml.dist +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/dist/conf/credentials.xml.dist b/dist/conf/credentials.xml.dist deleted file mode 100644 index 7462879..0000000 --- a/dist/conf/credentials.xml.dist +++ /dev/null 
@@ -1,65 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/errors.xml.dist b/dist/conf/errors.xml.dist deleted file mode 100644 index 5de522f..0000000 --- a/dist/conf/errors.xml.dist +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/global.xml.dist b/dist/conf/global.xml.dist deleted file mode 100644 index 60562e3..0000000 --- a/dist/conf/global.xml.dist +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/dist/conf/idp.properties.dist b/dist/conf/idp.properties.dist deleted file mode 100644 index a31bd7e..0000000 --- a/dist/conf/idp.properties.dist +++ /dev/null 
@@ -1,194 +0,0 @@
-# Load any additional property resources from a comma-delimited list
-idp.additionalProperties = /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties
-
-# Set the entityID of the IdP
-idp.entityID = https://idp.example.org
-
-# Set the scope used in the attribute resolver for scoped attributes
-idp.scope = example.org
-
-# General cookie properties (maxAge only applies to persistent cookies)
-#idp.cookie.secure = false
-#idp.cookie.httpOnly = true
-#idp.cookie.domain =
-#idp.cookie.path =
-#idp.cookie.maxAge = 31536000
-
-# Set the location of user-supplied web flow definitions
-#idp.webflows = %{idp.home}/flows
-
-# Set the location of Velocity view templates
-#idp.views = %{idp.home}/views
-
-# Settings for internal AES encryption key
-#idp.sealer.storeType = JCEKS
-#idp.sealer.updateInterval = PT15M
-#idp.sealer.aliasBase = secret
-idp.sealer.storeResource = %{idp.home}/credentials/sealer.jks
-idp.sealer.versionResource = %{idp.home}/credentials/sealer.kver
-idp.sealer.storePassword = password
-idp.sealer.keyPassword = password
-
-# Settings for public/private signing and encryption key(s)
-# During decryption key rollover, point the ".2" properties at a second
-# keypair, uncomment in credentials.xml, then publish it in your metadata.
-idp.signing.key = %{idp.home}/credentials/idp-signing.key
-idp.signing.cert = %{idp.home}/credentials/idp-signing.crt
-idp.encryption.key = %{idp.home}/credentials/idp-encryption.key
-idp.encryption.cert = %{idp.home}/credentials/idp-encryption.crt
-#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
-#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
-
-# Sets the bean ID to use as a default security configuration set
-#idp.security.config = shibboleth.DefaultSecurityConfiguration
-
-# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1
-#idp.signing.config = shibboleth.SigningConfiguration.SHA256
-
-# Configures trust evaluation of keys used by services at runtime
-# Defaults to supporting both explicit key and PKIX using SAML metadata.
-#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
-#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
-
-# If true, encryption will happen whenever a key to use can be located, but
-# failure to encrypt won't result in request failure.
-#idp.encryption.optional = false
-
-# Configuration of client- and server-side storage plugins
-#idp.storage.cleanupInterval = PT10M
-#idp.storage.htmlLocalStorage = false
-
-# Set to true to expose more detailed errors in responses to SPs
-#idp.errors.detailed = false
-# Set to false to skip signing of SAML response messages that signal errors
-#idp.errors.signed = true
-# Name of bean containing a list of Java exception classes to ignore
-#idp.errors.excludedExceptions = ExceptionClassListBean
-# Name of bean containing a property set mapping exception names to views
-#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
-# Set if a different default view name for events and exceptions is needed
-#idp.errors.defaultView = error
-
-# Set to false to disable the IdP session layer
-#idp.session.enabled = true
-
-# Set to "shibboleth.StorageService" for server-side storage of user sessions
-#idp.session.StorageService = shibboleth.ClientSessionStorageService
-
-# Size of session IDs
-#idp.session.idSize = 32
-# Bind sessions to IP addresses
-#idp.session.consistentAddress = true
-# Inactivity timeout
-#idp.session.timeout = PT60M
-# Extra time to store sessions for logout
-#idp.session.slop = PT0S
-# Tolerate storage-related errors
-#idp.session.maskStorageFailure = false
-# Track information about SPs logged into
-#idp.session.trackSPSessions = false
-# Support lookup by SP for SAML logout
-#idp.session.secondaryServiceIndex = false
-# Length of time to track SP sessions
-#idp.session.defaultSPlifetime = PT2H
-
-# Regular expression matching login flows to enable, e.g. IPAddress|Password
-idp.authn.flows = Password
-
-# Regular expression of forced "initial" methods when no session exists,
-# usually in conjunction with the idp.authn.resolveAttribute property below.
-#idp.authn.flows.initial = Password
-
-# Set to an attribute ID to resolve prior to selecting authentication flows;
-# its values are used to filter the flows to allow.
-#idp.authn.resolveAttribute = eduPersonAssurance
-
-# Default lifetime and timeout of various authentication methods
-#idp.authn.defaultLifetime = PT60M
-#idp.authn.defaultTimeout = PT30M
-
-# Whether to prioritize "active" results when an SP requests more than
-# one possible matching login method (V2 behavior was to favor them)
-#idp.authn.favorSSO = true
-
-# Whether to fail requests when a user identity after authentication
-# doesn't match the identity in a pre-existing session.
-#idp.authn.identitySwitchIsError = false
-
-# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
-#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
-
-# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
-# to key user consent storage records (and set the attribute name)
-#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
-#idp.consent.userStorageKeyAttribute = uid
-
-# Flags controlling how built-in attribute consent feature operates
-#idp.consent.allowDoNotRemember = true
-#idp.consent.allowGlobal = true
-#idp.consent.allowPerAttribute = false
-
-# Whether attribute values and terms of use text are compared
-#idp.consent.compareValues = false
-# Maximum number of consent records for space-limited storage (e.g. cookies)
-#idp.consent.maxStoredRecords = 10
-# Maximum number of consent records for larger/server-side storage (0 = no limit)
-#idp.consent.expandedMaxStoredRecords = 0
-
-# Time in milliseconds to expire consent storage records.
-#idp.consent.storageRecordLifetime = P1Y
-
-# Whether to lookup metadata, etc. for every SP involved in a logout
-# for use by user interface logic; adds overhead so off by default.
-#idp.logout.elaboration = false
-
-# Whether to require logout requests be signed/authenticated.
-#idp.logout.authenticated = true
-
-# Message freshness and replay cache tuning
-#idp.policy.messageLifetime = PT3M
-#idp.policy.clockSkew = PT3M
-
-# Set to custom bean for alternate storage of replay cache
-#idp.replayCache.StorageService = shibboleth.StorageService
-
-# Toggles whether to allow outbound messages via SAML artifact
-#idp.artifact.enabled = true
-# Suppresses typical signing/encryption when artifact binding used
-#idp.artifact.secureChannel = true
-# May differ to direct SAML 2 artifact lookups to specific server nodes
-#idp.artifact.endpointIndex = 2
-# Set to custom bean for alternate storage of artifact map state
-#idp.artifact.StorageService = shibboleth.StorageService
-
-# Name of access control policy for various admin flows
-idp.status.accessPolicy = AccessByIPAddress
-idp.resolvertest.accessPolicy = AccessByIPAddress
-idp.reload.accessPolicy = AccessByIPAddress
-
-# Comma-delimited languages to use if not match can be found with the
-# browser-supported languages, defaults to an empty list.
-idp.ui.fallbackLanguages=en,fr,de
-
-# Storage service used by CAS protocol
-# Defaults to shibboleth.StorageService (in-memory)
-# MUST be server-side storage (e.g. in-memory, memcached, database)
-# NOTE that idp.session.StorageService requires server-side storage
-# when CAS protocol is enabled
-#idp.cas.StorageService=shibboleth.StorageService
-
-# CAS service registry implementation class
-#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
-
-# Profile flows in which the ProfileRequestContext should be exposed
-# in servlet request under the key "opensamlProfileRequestContext"
-#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO
-
-# F-TICKS auditing - set salt to include hashed username
-#idp.fticks.federation=MyFederation
-#idp.fticks.algorithm=SHA-256
-#idp.fticks.salt=somethingsecret
\ No newline at end of file
diff --git a/dist/conf/intercept/consent-intercept-config.xml.dist b/dist/conf/intercept/consent-intercept-config.xml.dist deleted file mode 100644 index ca183a7..0000000 --- a/dist/conf/intercept/consent-intercept-config.xml.dist +++ /dev/null @@ -1,136 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - transientId - persistentId - eduPersonTargetedID - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/dist/conf/intercept/context-check-intercept-config.xml.dist b/dist/conf/intercept/context-check-intercept-config.xml.dist deleted file mode 100644 index 809f1d4..0000000 --- a/dist/conf/intercept/context-check-intercept-config.xml.dist +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - - - - - - - - - * - - - - - - - - - - \ No newline at end of file diff --git a/dist/conf/intercept/intercept-events-flow.xml.dist b/dist/conf/intercept/intercept-events-flow.xml.dist deleted file mode 100644 index 5cb30d5..0000000 --- a/dist/conf/intercept/intercept-events-flow.xml.dist +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/dist/conf/intercept/profile-intercept.xml.dist b/dist/conf/intercept/profile-intercept.xml.dist deleted file mode 100644 index fedc2b2..0000000 --- a/dist/conf/intercept/profile-intercept.xml.dist +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/ldap.properties.dist b/dist/conf/ldap.properties.dist deleted file mode 100644 index 2d2aef2..0000000 --- a/dist/conf/ldap.properties.dist +++ /dev/null 
@@ -1,60 +0,0 @@
-# LDAP authentication configuration, see authn/ldap-authn-config.xml
-# Note, this doesn't apply to the use of JAAS
-
-## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
-#idp.authn.LDAP.authenticator = anonSearchAuthenticator
-
-## Connection properties ##
-idp.authn.LDAP.ldapURL = ldap://localhost:10389
-#idp.authn.LDAP.useStartTLS = true
-#idp.authn.LDAP.useSSL = false
-#idp.authn.LDAP.connectTimeout = 3000
-
-## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
-#idp.authn.LDAP.sslConfig = certificateTrust
-## If using certificateTrust above, set to the trusted certificate's path
-idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
-## If using keyStoreTrust above, set to the truststore path
-idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
-
-## Return attributes during authentication
-## NOTE: there is a separate property used for attribute resolution
-idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
-
-## DN resolution properties ##
-
-# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
-# for AD: CN=Users,DC=example,DC=org
-idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
-#idp.authn.LDAP.subtreeSearch = false
-idp.authn.LDAP.userFilter = (uid={user})
-# bind search configuration
-# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
-idp.authn.LDAP.bindDN = uid=myservice,ou=system
-idp.authn.LDAP.bindDNCredential = myServicePassword
-
-# Format DN resolution, used by directAuthenticator, adAuthenticator
-# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
-idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=example,dc=org
-
-# LDAP attribute configuration, see attribute-resolver.xml
-# Note, this likely won't apply to the use of legacy V2 resolver configurations
-idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
-idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
-idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
-idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
-idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
-idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
-idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
-idp.attribute.resolver.LDAP.returnAttributes = cn,homephone,mail
-
-# LDAP pool configuration, used for both authn and DN resolution
-#idp.pool.LDAP.minSize = 3
-#idp.pool.LDAP.maxSize = 10
-#idp.pool.LDAP.validateOnCheckout = false
-#idp.pool.LDAP.validatePeriodically = true
-#idp.pool.LDAP.validatePeriod = 300
-#idp.pool.LDAP.prunePeriod = 300
-#idp.pool.LDAP.idleTime = 600
-#idp.pool.LDAP.blockWaitTime = 3000
-#idp.pool.LDAP.failFastInitialize = false
diff --git a/dist/conf/logback.xml.dist b/dist/conf/logback.xml.dist
deleted file mode 100644
index 2582d1c..0000000
--- a/dist/conf/logback.xml.dist
+++ /dev/null
@@ -1,166 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ${idp.logfiles}/idp-process.log - - - ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short} - - - - - - 0 - - - - - - WARN - - - ${idp.logfiles}/idp-warn.log - - - ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short} - - - - - - ${idp.logfiles}/idp-audit.log - - - ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %msg%n - - - - - - ${idp.logfiles}/idp-consent-audit.log - - - ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz - ${idp.loghistory:-180} - - - - UTF-8 - %msg%n - - - - - - ${idp.fticks.loghost:-localhost} - ${idp.fticks.logport:-514} - AUTH - [%thread] %logger %msg - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/dist/conf/metadata-providers.xml.dist b/dist/conf/metadata-providers.xml.dist deleted file mode 100644 index 49fd53c..0000000 --- a/dist/conf/metadata-providers.xml.dist +++ /dev/null @@ -1,72 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/mvc-beans.xml.dist b/dist/conf/mvc-beans.xml.dist deleted file mode 100644 index 98d9bcd..0000000 --- a/dist/conf/mvc-beans.xml.dist +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - diff --git a/dist/conf/relying-party.xml.dist b/dist/conf/relying-party.xml.dist deleted file mode 100644 index 28c9193..0000000 --- a/dist/conf/relying-party.xml.dist +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/saml-nameid.properties.dist b/dist/conf/saml-nameid.properties.dist deleted file mode 100644 index 8530c4f..0000000 --- a/dist/conf/saml-nameid.properties.dist +++ /dev/null 
@@ -1,35 +0,0 @@
-# Properties involving SAML NameIdentifier/NameID generation/consumption
-
-# For the most part these settings only deal with "transient" and "persistent"
-# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced
-# settings
-
-# Comment out to disable legacy NameID generation via Attribute Resolver
-#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
-#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
-
-# Default NameID Formats to use when nothing else is called for.
-# Don't change these just to change the Format used for a single SP!
-#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-#idp.nameid.saml1.default = urn:mace:shibboleth:1.0:nameIdentifier
-
-# Set to shibboleth.StoredTransientIdGenerator for server-side transient ID storage
-#idp.transientId.generator = shibboleth.CryptoTransientIdGenerator
-
-# Persistent IDs can be computed on the fly with a hash, or managed in a database
-
-# For computed IDs, set a source attribute and a secret salt:
-#idp.persistentId.sourceAttribute = changethistosomethingreal
-#idp.persistentId.useUnfilteredAttributes = true
-# Do *NOT* share the salt with other people, it's like divulging your private key.
-#idp.persistentId.algorithm = SHA
-#idp.persistentId.salt = changethistosomethingrandom
-
-# To use a database, use shibboleth.StoredPersistentIdGenerator
-#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
-# For basic use, set this to a JDBC DataSource bean name:
-#idp.persistentId.dataSource = PersistentIdDataSource
-# For advanced use, set to a bean inherited from shibboleth.JDBCPersistentIdStore
-#idp.persistentId.store = MyPersistentIdStore
-# Set to an empty property to skip hash-based generation of first stored ID
-#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator
diff --git a/dist/conf/saml-nameid.xml.dist b/dist/conf/saml-nameid.xml.dist deleted file mode 100644 index ea97448..0000000 --- a/dist/conf/saml-nameid.xml.dist +++ /dev/null @@ -1,62 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/conf/services.properties.dist b/dist/conf/services.properties.dist deleted file mode 100644 index 116625a..0000000 --- a/dist/conf/services.properties.dist +++ /dev/null 
@@ -1,61 +0,0 @@
-# Configure the resources to load for various services,
-# and the settings for failure handling and auto-reload.
-
-# failFast=true prevents IdP startup if a configuration is bad
-# checkInterval = PT0S means never reload (this is the default)
-
-# Global default for fail-fast behavior of most subsystems
-# with individual override possible below.
-#idp.service.failFast = false
-
-#idp.service.logging.resource = %{idp.home}/conf/logback.xml
-#idp.service.logging.failFast = true
-idp.service.logging.checkInterval = PT5M
-
-# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml
-#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
-#idp.service.relyingparty.failFast = false
-idp.service.relyingparty.checkInterval = PT15M
-
-#idp.service.metadata.resources = shibboleth.MetadataResolverResources
-#idp.service.metadata.failFast = false
-#idp.service.metadata.checkInterval = PT0S
-
-#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources
-#idp.service.attribute.resolver.failFast = false
-idp.service.attribute.resolver.checkInterval = PT15M
-#idp.service.attribute.resolver.maskFailures = true
-
-#idp.service.attribute.filter.resources = shibboleth.AttributeFilterResources
-# NOTE: Failing the filter fast leaves no filters enabled.
-#idp.service.attribute.filter.failFast = false
-idp.service.attribute.filter.checkInterval = PT15M
-#idp.service.attribute.filter.maskFailures = true
-
-#idp.service.nameidGeneration.resources = shibboleth.NameIdentifierGenerationResources
-#idp.service.nameidGeneration.failFast = false
-idp.service.nameidGeneration.checkInterval = PT15M
-
-#idp.service.access.resources = shibboleth.AccessControlResources
-#idp.service.access.failFast = true
-idp.service.access.checkInterval = PT5M
-
-#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources
-#idp.service.cas.registry.failFast = false
-idp.service.cas.registry.checkInterval = PT15M
-
-#idp.message.resources = shibboleth.MessageSourceResources
-#idp.message.cacheSeconds = 300
-
-# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching.
-# These are used with components such as remote configuration resources that are explicitly wired
-# with these client instances, *not* by default with HTTP metadata resolvers.
-#idp.httpclient.useTrustEngineTLSSocketFactory = false
-#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
-#idp.httpclient.connectionDisregardTLSCertificate = false
-#idp.httpclient.connectionTimeout = -1
-#idp.httpclient.memorycaching.maxCacheEntries = 50
-#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
-#idp.httpclient.filecaching.maxCacheEntries = 100
-#idp.httpclient.filecaching.maxCacheEntrySize = 10485760
-idp.httpclient.filecaching.cacheDirectory = %{idp.home}/tmp/httpClientCache
\ No newline at end of file
diff --git a/dist/conf/services.xml.dist b/dist/conf/services.xml.dist
deleted file mode 100644
index d22fff9..0000000
--- a/dist/conf/services.xml.dist
+++ /dev/null
@@ -1,145 +0,0 @@ - - - - - - - - - - - %{idp.home}/conf/relying-party.xml - %{idp.home}/conf/credentials.xml - %{idp.home}/system/conf/relying-party-system.xml - - - - - %{idp.home}/conf/relying-party.xml - %{idp.home}/system/conf/legacy-relying-party-defaults.xml - - - - %{idp.home}/conf/metadata-providers.xml - %{idp.home}/system/conf/metadata-providers-system.xml - - - - %{idp.home}/conf/attribute-resolver.xml - - - - %{idp.home}/conf/attribute-filter.xml - - - - %{idp.home}/conf/saml-nameid.xml - %{idp.home}/system/conf/saml-nameid-system.xml - - - - %{idp.home}/conf/access-control.xml - %{idp.home}/system/conf/access-control-system.xml - - - - %{idp.home}/conf/cas-protocol.xml - - - - - %{idp.home}/messages/authn-messages - %{idp.home}/messages/consent-messages - %{idp.home}/messages/error-messages - - - diff --git a/dist/conf/session-manager.xml.dist b/dist/conf/session-manager.xml.dist deleted file mode 100644 index f195014..0000000 --- a/dist/conf/session-manager.xml.dist +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/flows/authn/conditions/account-locked/account-locked-flow.xml.dist b/dist/flows/authn/conditions/account-locked/account-locked-flow.xml.dist deleted file mode 100644 index 5fe7523..0000000 --- a/dist/flows/authn/conditions/account-locked/account-locked-flow.xml.dist +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - diff --git a/dist/flows/authn/conditions/conditions-flow.xml.dist b/dist/flows/authn/conditions/conditions-flow.xml.dist deleted file mode 100644 index caa0a13..0000000 --- a/dist/flows/authn/conditions/conditions-flow.xml.dist +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/flows/authn/conditions/expired-password/expired-password-flow.xml.dist b/dist/flows/authn/conditions/expired-password/expired-password-flow.xml.dist deleted file mode 100644 index 5fe7523..0000000 
--- a/dist/flows/authn/conditions/expired-password/expired-password-flow.xml.dist +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - diff --git a/dist/flows/authn/conditions/expiring-password/expiring-password-flow.xml.dist b/dist/flows/authn/conditions/expiring-password/expiring-password-flow.xml.dist deleted file mode 100644 index f9f5ceb..0000000 --- a/dist/flows/authn/conditions/expiring-password/expiring-password-flow.xml.dist +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/dist/flows/user/prefs/prefs-flow.xml.dist b/dist/flows/user/prefs/prefs-flow.xml.dist deleted file mode 100644 index c79093b..0000000 --- a/dist/flows/user/prefs/prefs-flow.xml.dist +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - - - - - diff --git a/dist/messages/authn-messages.properties.dist b/dist/messages/authn-messages.properties.dist deleted file mode 100644 index ed92747..0000000 --- a/dist/messages/authn-messages.properties.dist +++ /dev/null 
@@ -1,73 +0,0 @@
-# In addition to the Apache 2.0 license, this content is also licensed
-# under the Creative Commons Attribution-ShareAlike 3.0 Unported license
-# (see http://creativecommons.org/licenses/by-sa/3.0/).
-
-# Login / Logout messages
-
-idp.login.loginTo = Login to
-
-idp.login.username = Username
-idp.login.password = Password
-
-idp.login.donotcache = Don't Remember Login
-
-idp.login.login = Login
-idp.login.pleasewait = Logging in, please wait...
-
-idp.login.forgotPassword = Forgot your password?
-idp.login.needHelp = Need Help?
-
-# Expiring password example messages
-
-idp.login.expiringSoon = Your password will be expiring soon!
-idp.login.changePassword = To create a new password now, go to
-idp.login.proceedBegin = Your login will proceed in 20 seconds or you may click
-idp.login.proceedHere = here
-idp.login.proceedEnd = to continue
-
-# Useful links
-
-idp.url.password.reset = #
-idp.url.helpdesk = #
-
-# User Preferences example messages
-
-idp.userprefs.title = Web Login Service
-idp.userprefs.title.suffice = Login Preferences
-idp.userprefs.info = This page allows you to configure your device to tell the Web Login Service that it \
- can use more advanced login approaches that are more convenient, but not always usable.
-idp.userprefs.options = The following options are available:
-idp.userprefs.spnego = Automatically try desktop login when available.
-idp.userprefs.no-js = This feature requires Javascript.
-
-# Classified Login Error messages
-
-UnknownUsername = bad-username
-InvalidPassword = bad-password
-ExpiredPassword = expired-password
-AccountLocked = account-locked
-SPNEGONotAvailable = spnego-unavailable
-NTLMUnsupported = ntlm
-
-bad-username.message = The username you entered cannot be identified.
-
-bad-password.message = The password you entered was incorrect.
-
-expired-password.message = Your password has expired.
-
-account-locked.message = Your account is locked.
-
-spnego-unavailable.message = Your web browser doesn't support authentication with your desktop login credentials.
-spnego-unavailable.return = Cancel the attempt.
-
-ntlm.message = Your web browser attempted to negotiate a weaker form of desktop authentication.
-
-# Logout-related messages
-
-idp.logout.ask = Would you like to attempt to log out of all services accessed during your session? \
- Please select Yes or No to ensure the logout \
- operation completes, or wait a few seconds for Yes.
-idp.logout.contactServices = If you proceed, the system will attempt to contact the following services:
-idp.logout.complete = The logout operation is complete, and no other services appear to have been accessed during this session.
-idp.logout.local = You elected not to log out of all the applications accessed during your session.
-idp.logout.attempt = Attempting to log out of the following services:
diff --git a/dist/messages/consent-messages.properties.dist b/dist/messages/consent-messages.properties.dist
deleted file mode 100644
index bed612e..0000000
--- a/dist/messages/consent-messages.properties.dist
+++ /dev/null
@@ -1,77 +0,0 @@
-# In addition to the Apache 2.0 license, this content is also licensed
-# under the Creative Commons Attribution-ShareAlike 3.0 Unported license
-# (see http://creativecommons.org/licenses/by-sa/3.0/).
-
-# General messages related to terms of use consent.
-
-idp.terms-of-use.accept = I accept the terms of use
-idp.terms-of-use.submit = Submit
-idp.terms-of-use.reject = Refuse
-idp.terms-of-use.required = Please check this box if you want to proceed.
-
-# Triples consisting of a TOU key, and a title and text for each set of terms.
-# The default implementation uses the SP name as the key, but this can be overriden.
-
-https\://sp.example.org = example-tou-1
-example-tou-1.title = Example Terms of Use
-example-tou-1.text = *** This is an example ToU - tailor due to your needs *** \ -

Example organization AAI services: Terms of Use (ToU)

\ - A. Data Protection Sample Clause \ -

\ - "The End User notes that personal data about the End User is compiled from generally \ - available sources and from communications received from the End User and other \ - Universities as well as from off-site sources. The policy relating to the use and procession \ - of such data is posted on the University website at [...]. Such data will be used, inter alia, \ - to authenticate and authorize the access to and use of various resources within \ - the University and on other sites ("Approved Uses"). The End User hereby consents to \ - the collection, processing, use and release of such data to the extent reasonably necessary \ - for the Approved Uses. Such consent includes, but is not limited to, the release \ - of personal data to other institutions by employing cookies and electronically exchanging, \ - caching and storing personal authorization attributes." \ -

\ - B. Limitation of Liability \ -

\ - "To the extent permitted by the applicable law, the End User hereby waives all and any \ - claims for cost and damages, whether direct or indirect, incidental, or consequential(including, \ - inter alia, loss of use and lost profits), both in contract and in tort, arising from \ - the use or in any way related to the inter-organizational authentication and authorization \ - services which allow the End User to access certain resources of other organizations. \ - This waiver of claims shall be valid and effective in relation to all participants of \ - the inter-organizational authentication and authorization services including the AAI \ - Service Provider and its affiliates, officers, employees and agents." \ -

-
-# Messages related to attribute release consent.
-
-idp.attribute-release.revoke = Clear prior granting of permission for release of your information to this service.
-
-idp.attribute-release.title = Information Release
-
-idp.attribute-release.attributesHeader = Information to be Provided to Service
-
-idp.attribute-release.serviceNameLabel = You are about to access the service:
-idp.attribute-release.of = of
-idp.attribute-release.serviceDescriptionLabel = Description as provided by this service:
-
-idp.attribute-release.informationURLLabel = Additional information about the service
-idp.attribute-release.privacyStatementURLLabel = Data privacy information of the service
-
-idp.attribute-release.showDetails = show details
-
-idp.attribute-release.accept = Accept
-idp.attribute-release.reject = Reject
-
-idp.attribute-release.confirmationQuestion = The information above would be shared with the service if you proceed. \
- Do you agree to release this information to the service every time you access it?
-
-idp.attribute-release.consentMethod = Select an information release consent duration:
-idp.attribute-release.consentMethodRevoke = This setting can be revoked at any time with the checkbox on the login page.
-
-idp.attribute-release.doNotRememberConsent = Ask me again at next login
-idp.attribute-release.doNotRememberConsentItem = I agree to send my information this time.
-
-idp.attribute-release.rememberConsent = Ask me again if information to be provided to this service changes
-idp.attribute-release.rememberConsentItem = I agree that the same information will be sent automatically to this service in the future.
-
-idp.attribute-release.globalConsent = Do not ask me again
-idp.attribute-release.globalConsentItem = I agree that all of my information will be released to any service.
diff --git a/dist/messages/error-messages.properties.dist b/dist/messages/error-messages.properties.dist
deleted file mode 100644
index 4f93680..0000000
--- a/dist/messages/error-messages.properties.dist
+++ /dev/null
@@ -1,119 +0,0 @@ -# In addition to the Apache 2.0 license, this content is also licensed -# under the Creative Commons Attribution-ShareAlike 3.0 Unported license -# (see http://creativecommons.org/licenses/by-sa/3.0/). - -# Title / Message mappings for error view - -# General strings -idp.title = Web Login Service -idp.title.suffix = Error -idp.logo = /images/dummylogo.png -idp.logo.alt-text = Replace or remove this logo -idp.message = An unidentified error occurred. -idp.footer = Insert your footer text here. - -idp.client-storage-read.title = Loading Session State... -idp.client-storage-write.title = Saving Session State... -idp.client-storage.no-js = Since your browser does not support JavaScript, \ - you must press the Continue button once to proceed. - -# Event to error key mappings - -AccessDenied = access -ContextCheckDenied = context-check-denied -EndpointResolutionFailed = endpoint -InvalidProfileConfiguration = relying-party -InvalidSecurityConfiguration = security-cfg -MessageAuthenticationError = security-msg -MessageReplay = stale -MessageExpired = stale -UnableToDecode = stale -AccountError = authn -AuthenticationException = authn -InvalidCredentials = authn -NoCredentials = authn -NoPotentialFlow = authn -RequestUnsupported = authn -SubjectCanonicalizationError = authn -InvalidAttributeContext = unexpected -InvalidAuthenticationContext = unexpected -InvalidSubjectContext = unexpected -InvalidSubjectCanonicalizationContext = unexpected -InvalidMessageContext = unexpected -InvalidMessageVersion = unexpected -InvalidProfileContext = unexpected -InvalidRelyingPartyContext = unexpected -InvalidRelyingPartyConfiguration = unexpected -MessageProcessingError = unexpected -UnableToEncode = unexpected -UnableToSign = unexpected -UnableToEncrypt = unexpected -AttributeReleaseRejected = no-release -TermsRejected = no-terms -RuntimeException = runtime-error - -# Exception to error key mappings - -FlowExecutionRestorationFailureException = stale - -# Error key 
to title and message mappings - -access.title = Access Denied -access.message = You do not have access to the requested resource. - -context-check-denied.title = Access Denied -context-check-denied.message = You are not eligible for the service requested. - -no-release.title = Release of Information Prevented -no-release.message = At your request, the release of your information has been blocked. If you wish to \ - change your decision, you may access the service again and approve the release in the \ - future. - -no-terms.title = Terms of Use Refused -no-terms.message = Having refused the mandatory Terms of Use, access to the service is not permitted. \ - If you wish to change your decision, you may access the service again and approve \ - the terms in the future. - -authn.title = Login Failed -authn.message = User login was not successful or could not meet the requirements of the requesting application. - -endpoint.title = Unable to Respond -endpoint.message = The login service was unable to identify a compatible way to respond to the requested \ - application. This is generally to due to a misconfiguration on the part of the application \ - and should be reported to the application's support team or owner. - -relying-party.title = Unsupported Request -relying-party.message = The application you have accessed is not registered for use with this service. - -security-cfg.title = Security Configuration Error -security-cfg.message = The login service and the requested application do not share a compatible \ - security configuration, and the request cannot be fulfilled. - -security-msg.title = Message Security Error -security-msg.message = The request cannot be fulfilled because the message received does not meet the \ - security requirements of the login service. - -stale.title = Stale Request -stale.message =

You may be seeing this page because you used the Back button while browsing a \ - secure web site or application. Alternatively, you may have mistakenly bookmarked \ - the web login form instead of the actual web site you wanted to bookmark or used a \ - link created by somebody else who made the same mistake.

\ -
\ -

Left unchecked, this can cause errors on some browsers or result in you returning to \ - the web site you tried to leave, so this page is presented instead.

- -unexpected.title = Unexpected Error -unexpected.message = An unexpected error was encountered, usually reflecting a configuration or software error. - -runtime-error.title = Uncaught Exception -runtime-error.message =

A software error was encountered that prevents normal operation:


\ -

#if($exception)$encoder.encodeForHTML($exception.toString())#else$encoder.encodeForHTML($flowExecutionException.getCause().toString())#end


\ -

Please report this problem to your Help Desk or administrative staff. It has \ - also been logged for an administrator to review.

- -error.title = Error -error.message = An error occurred: $eventId - -root.title = Shibboleth IdP -root.message = No services are available at this location. -root.footer = Insert your footer text here. diff --git a/dist/views/error.vm.dist b/dist/views/error.vm.dist deleted file mode 100644 index fb08a82..0000000 --- a/dist/views/error.vm.dist +++ /dev/null 
@@ -1,71 +0,0 @@ -## -## Velocity Template for error end-state -## -## Velocity context will contain the following properties -## flowRequestContext - the Spring Web Flow RequestContext -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## -#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) -#set ($defaultTitleSuffix = $springMacroRequestContext.getMessage("idp.title.suffix", "Error")) -## -#if ($flowRequestContext) - ## This handles flow events, the most common case. - #set ($eventId = $flowRequestContext.getCurrentEvent().getId()) - #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) - #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) - #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) - #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied") - $response.setStatus(403) - #elseif ($eventId == "AttributeReleaseRejected" || $eventId == "TermsRejected") - $response.setStatus(200) - #elseif ($eventKey == "unexpected" || $eventKey == "runtime-error" || $eventKey == "error") - $response.setStatus(500) - #else - $response.setStatus(400) - #end -#elseif ($exception) - ## This handles exceptions that reach the Spring-MVC exception handler. - #set ($eventId = $exception.getClass().getSimpleName()) - #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) - #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) - #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) -#else - ## This is a catch-all that theoretically shouldn't happen? 
- #set ($titleSuffix = $defaultTitleSuffix) - #set ($message = $springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred.")) -#end -## - - - - - $title - $titleSuffix - - - - -
-
-
- #springMessageText( -

$title - $titleSuffix

-
- -
- #evaluate($message) -
-
- -
- -
- -
- - \ No newline at end of file diff --git a/dist/views/expiring-password.vm.dist b/dist/views/expiring-password.vm.dist deleted file mode 100644 index 0cb9d90..0000000 --- a/dist/views/expiring-password.vm.dist +++ /dev/null @@ -1,53 +0,0 @@ -## -## Velocity Template for expiring password view -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## authenticationContext - context with authentication request information -## authenticationErrorContext - context with login error state -## authenticationWarningContext - context with login warning state -## ldapResponseContext - context with LDAP state (if using native LDAP) -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## - - - - - #springMessageText("idp.title", "Web Login Service") - - - - - -
-
-
- #springMessageText( -

#springMessageText("idp.login.expiringSoon", "Your password will be expiring soon!")

-
- -
-

#springMessageText("idp.login.changePassword", "To create a new password now, go to") - #.

-

#springMessageText("idp.login.proceedBegin", "Your login will proceed in 20 seconds or you may click") - #springMessageText("idp.login.proceedHere", "here") - #springMessageText("idp.login.proceedEnd", "to continue").

-
-
- -
- -
- -
- - \ No newline at end of file diff --git a/dist/views/intercept/attribute-release.vm.dist b/dist/views/intercept/attribute-release.vm.dist deleted file mode 100644 index 9c8b614..0000000 --- a/dist/views/intercept/attribute-release.vm.dist +++ /dev/null @@ -1,148 +0,0 @@ -## -## Velocity Template for DisplayAttributeReleasePage view-state -## -## Velocity context will contain the following properties : -## -## attributeReleaseContext - context holding consentable attributes -## attributeReleaseFlowDescriptor - attribute consent flow descriptor -## attributeDisplayNameFunction - function to display attribute name -## consentContext - context representing the state of a consent flow -## encoder - HTMLEncoder class -## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) -## flowExecutionUrl - form action location -## flowRequestContext - Spring Web Flow RequestContext -## profileRequestContext - OpenSAML profile request context -## request - HttpServletRequest -## response - HttpServletResponse -## rpUIContext - context with SP UI information from the metadata -## environment - Spring Environment object for property resolution -#set ($serviceName = $rpUIContext.serviceName) -#set ($serviceDescription = $rpUIContext.serviceDescription) -#set ($informationURL = $rpUIContext.informationURL) -#set ($privacyStatementURL = $rpUIContext.privacyStatementURL) -#set ($rpOrganizationLogo = $rpUIContext.getLogo()) -#set ($rpOrganizationName = $rpUIContext.organizationName) -## - - - - - - - #springMessageText("idp.attribute-release.title", "Information Release") - - -
-
-
- - #if ($rpOrganizationLogo) - - #end -
- #if ($serviceName) -

- #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")
- $serviceName - #if ($rpOrganizationName) - #springMessageText("idp.attribute-release.of", "of") $encoder.encodeForHTML($rpOrganizationName) - #end -

- #end - #if ($serviceDescription) -

- #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")
- $encoder.encodeForHTML($serviceDescription) -
-

- #end - #if ($informationURL) -

- #springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service") -

- #end -
- - - - - - - - #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) - - - - - - #end - -
- #springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service") -
$encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute)) - #foreach ($value in $attribute.values) - $encoder.encodeForHTML($value.getDisplayValue()) -
- #end -
- #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) - #set ($inputType = "checkbox") - #else - #set ($inputType = "hidden") - #end - -
-
- #if ($privacyStatementURL) -

- #springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service") -

- #end -
-

- #springMessageText("idp.attribute-release.confirmationQuestion", "The information above would be shared with the service if you proceed. Do you agree to release this information to the service every time you access it?") -

- #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) -
- #springMessageText("idp.attribute-release.consentMethod", "Select an information release consent duration:") - #end - #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) -

- - #springMessageText("idp.attribute-release.doNotRememberConsent", "Ask me again at next login") -

    -
  • #springMessageText("idp.attribute-release.doNotRememberConsentItem", "I agree to send my information this time.")
  • -
-

- #end - #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) -

- - #springMessageText("idp.attribute-release.rememberConsent", "Ask me again if information changes") -

    -
  • #springMessageText("idp.attribute-release.rememberConsentItem", "I agree that the same information will be sent automatically to this service in the future.")
  • -
-

- #end - #if ($attributeReleaseFlowDescriptor.globalConsentAllowed) -

- - #springMessageText("idp.attribute-release.globalConsent", "Do not ask me again") -

    -
  • #springMessageText("idp.attribute-release.globalConsentItem", "I agree that all of my information will be released to any service.")
  • -
-

- #end - #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) - #springMessageText("idp.attribute-release.consentMethodRevoke", "This setting can be revoked at any time with the checkbox on the login page.") -
- #end -

- - -

-
-
-
- - diff --git a/dist/views/intercept/terms-of-use.vm.dist b/dist/views/intercept/terms-of-use.vm.dist deleted file mode 100644 index 1bf12c7..0000000 --- a/dist/views/intercept/terms-of-use.vm.dist +++ /dev/null @@ -1,67 +0,0 @@ -## -## Velocity Template for DisplayTermsOfUsePage view-state -## -## Velocity context will contain the following properties : -## -## encoder - HTMLEncoder class -## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) -## flowExecutionUrl - form action location -## flowRequestContext - Spring Web Flow RequestContext -## request - HttpServletRequest -## response - HttpServletResponse -## rpUIContext - context with SP UI information from the metadata -## termsOfUseId - terms of use ID to lookup message strings -## environment - Spring Environment object for property resolution -#set ($serviceName = $rpUIContext.serviceName) -#set ($rpOrganizationLogo = $rpUIContext.getLogo()) -## - - - - - - - #springMessageText("${termsOfUseId}.title", "Terms of Use") - - -
-
- - #if ($rpOrganizationLogo) - - #end -
- #if ($rpOrganizationLogo) -
-

#springMessageText("${termsOfUseId}.title", "Terms of Use")

-
- #end -
- #springMessageText("${termsOfUseId}.text", "Terms of Use Text...") -
-
-
-
- -
-
-
-
- - - #if ($requireCheckbox) -

#springMessageText("idp.terms-of-use.required", "Please check this box if you want to proceed.")

- #end - -
-
-
-
-
- -
-
- - diff --git a/dist/views/login-error.vm.dist b/dist/views/login-error.vm.dist deleted file mode 100644 index 44676b3..0000000 --- a/dist/views/login-error.vm.dist +++ /dev/null @@ -1,24 +0,0 @@ -## Velocity Template for login error message production, included by login.vm -## -## authenticationErrorContext - context containing error data, if available -## -#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0 && $authenticationErrorContext.getClassifiedErrors().iterator().next() != "ReselectFlow") - ## This handles errors that are classified by the message maps in the authentication config. - #set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next()) - #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login")) - #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId")) -#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0) - ## This handles login exceptions that are left unclassified. - #set ($loginException = $authenticationErrorContext.getExceptions().get(0)) - #if ($loginException.getMessage()) - #set ($message = "Login Failure: $loginException.getMessage()") - #else - #set ($message = $loginException.toString()) - #end -#end - -#if ($message) -
-

$encoder.encodeForHTML($message)

-
-#end diff --git a/dist/views/login.vm.dist b/dist/views/login.vm.dist deleted file mode 100644 index a623db5..0000000 --- a/dist/views/login.vm.dist +++ /dev/null @@ -1,138 +0,0 @@ -## -## Velocity Template for DisplayUsernamePasswordPage view-state -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## authenticationContext - context with authentication request information -## authenticationErrorContext - context with login error state -## authenticationWarningContext - context with login warning state -## ldapResponseContext - context with LDAP state (if using native LDAP) -## rpUIContext - the context with SP UI information from the metadata -## extendedAuthenticationFlows - collection of "extended" AuthenticationFlowDescriptor objects -## passwordPrincipals - contents of the shibboleth.authn.Password.PrincipalOverride bean -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## -#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.idp.profile.context.RelyingPartyContext')) -#set ($username = $authenticationContext.getSubcontext('net.shibboleth.idp.authn.context.UsernamePasswordContext', true).getUsername()) -#set ($passwordEnabled = false) -#if (!$passwordPrincipals or $passwordPrincipals.isEmpty() or $authenticationContext.isAcceptable($passwordPrincipals)) - #set ($passwordEnabled = true) -#end -## - - - - - #springMessageText("idp.title", "Web Login Service") - - - -
-
-
- #springMessageText( -
- -
-
- #parse("login-error.vm") - -
- - #set ($serviceName = $rpUIContext.serviceName) - #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName)) - - #springMessageText("idp.login.loginTo", "Login to") $encoder.encodeForHTML($serviceName) - - #end - - #if ($passwordEnabled) -
- - -
- -
- - -
- -
- #springMessageText("idp.login.donotcache", "Don't Remember Login") -
- #end - -
- - #springMessageText("idp.attribute-release.revoke", "Clear prior granting of permission for release of your information to this service.") -
- - #if ($passwordEnabled) -
- -
- #end - - #foreach ($extFlow in $extendedAuthenticationFlows) - #if ($authenticationContext.isAcceptable($extFlow) and $extFlow.apply(profileRequestContext)) -
- -
- #end - #end -
- - #* - // - // SP Description & Logo (optional) - // These idpui lines will display added information (if available - // in the metadata) about the Service Provider (SP) that requested - // authentication. These idpui lines are "active" in this example - // (not commented out) - this extra SP info will be displayed. - // Remove or comment out these lines to stop the display of the - // added SP information. - // - *# - #set ($logo = $rpUIContext.getLogo()) - #if ($logo) - $encoder.encodeForHTMLAttribute($serviceName) - #end - #set ($desc = $rpUIContext.getServiceDescription()) - #if ($desc) - $encoder.encodeForHTML($desc) - #end - -
- -
-
- -
- -
-
- - - \ No newline at end of file diff --git a/dist/views/logout-complete.vm.dist b/dist/views/logout-complete.vm.dist deleted file mode 100644 index 4bf0a62..0000000 --- a/dist/views/logout-complete.vm.dist +++ /dev/null @@ -1,58 +0,0 @@ -## -## Velocity Template for logout flow's concluding view-state (no propagation) -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## logoutContext - context with SPSession details for logout operation -## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## - - - - - #springMessageText("idp.title", "Web Login Service") - - - - -
-
-
- #springMessageText( -
- -
-
-

#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")

-
- -
-
- - - #if ( $profileRequestContext.getProfileId().contains("saml2/logout") ) - - #end - #end -#end - - -#if ( $profileRequestContext.getProfileId().contains("saml2/logout") ) - +
+ + +
+ +

+ #springMessageText("idp.login.duoCancel", "Cancel this Request") +

+
+ + + + +
+ +
+ + + diff --git a/views/error.vm b/views/error.vm index fb08a82..c595175 100644 --- a/views/error.vm +++ b/views/error.vm @@ -41,13 +41,14 @@ ## - - - $title - $titleSuffix - - + + + + $title - $titleSuffix + + - +
diff --git a/views/intercept/attribute-release.vm b/views/intercept/attribute-release.vm index 9c8b614..0b74551 100644 --- a/views/intercept/attribute-release.vm +++ b/views/intercept/attribute-release.vm @@ -22,6 +22,7 @@ #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) #set ($rpOrganizationLogo = $rpUIContext.getLogo()) #set ($rpOrganizationName = $rpUIContext.organizationName) +#set ($replaceDollarWithNewline = true) ## @@ -76,7 +77,16 @@ $encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute)) #foreach ($value in $attribute.values) - $encoder.encodeForHTML($value.getDisplayValue()) + #if ($replaceDollarWithNewline) + #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML("$"),"
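Review bot: The new `#set ($replaceDollarWithNewline = true)` line is an unconditional switch with no comment saying which convention it serves or when a deployer would turn it off, and nothing in the template header's list of context properties mentions it. From the name and the value loop later in this file it appears that attribute values are expected to carry a literal `$` as a line separator, but a reader cannot confirm that from this line alone. Add a comment above it along the lines of `## Attribute values may contain "$" as a line separator (handled in the value loop below); set to false to render values verbatim.` The flag is only consumed in the second hunk of this file.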
")) + #else + #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) + #end + #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) + + #else + $encodedValue + #end
#end @@ -109,7 +119,7 @@ #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed)
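Review bot: The new `#set ($encodedValue = ... .replaceAll($encoder.encodeForHTML("$"), ...))` line uses `replaceAll`, whose first argument is a regular expression, so the substitution is only correct if `$encoder.encodeForHTML("$")` returns an escaped form of the dollar sign; if the encoder leaves `$` untouched, the pattern is a bare `$`, which matches the end of the string rather than a dollar sign and the replacement text gets appended to every value. `String.replace` does a literal substitution and expresses the intent without depending on the encoder, so change the call to `.replace($encoder.encodeForHTML("$"), ...)` with the same replacement text (stripped from this rendering, presumably a line-break tag). That replacement is emitted unencoded on the `$encodedValue` line, which is acceptable only because it is a fixed literal inserted after encoding; if the `perAttributeConsentEnabled` branch, whose markup is not visible here, places `$encodedValue` inside an attribute such as `value="..."`, that branch needs `encodeForHTMLAttribute` and must not receive the markup substitution at all. The enclosing `#foreach` and table markup continue outside the hunk.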

- #springMessageText("idp.attribute-release.doNotRememberConsent", "Ask me again at next login") +

  • #springMessageText("idp.attribute-release.doNotRememberConsentItem", "I agree to send my information this time.")
@@ -118,7 +128,7 @@ #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed)

- #springMessageText("idp.attribute-release.rememberConsent", "Ask me again if information changes") +

  • #springMessageText("idp.attribute-release.rememberConsentItem", "I agree that the same information will be sent automatically to this service in the future.")
@@ -127,7 +137,7 @@ #if ($attributeReleaseFlowDescriptor.globalConsentAllowed)

- #springMessageText("idp.attribute-release.globalConsent", "Do not ask me again") +

  • #springMessageText("idp.attribute-release.globalConsentItem", "I agree that all of my information will be released to any service.")
diff --git a/views/expiring-password.vm b/views/intercept/expiring-password.vm similarity index 96% rename from views/expiring-password.vm rename to views/intercept/expiring-password.vm index 0cb9d90..4395844 100644 --- a/views/expiring-password.vm +++ b/views/intercept/expiring-password.vm @@ -20,6 +20,7 @@ + #springMessageText("idp.title", "Web Login Service") diff --git a/views/login.vm b/views/login.vm index a623db5..c421a99 100644 --- a/views/login.vm +++ b/views/login.vm @@ -28,12 +28,13 @@ ## - - - #springMessageText("idp.title", "Web Login Service") - - - + + + + #springMessageText("idp.title", "Web Login Service") + + +
@@ -66,13 +67,14 @@
- #springMessageText("idp.login.donotcache", "Don't Remember Login") -
+ + +
#end
- #springMessageText("idp.attribute-release.revoke", "Clear prior granting of permission for release of your information to this service.") +
#if ($passwordEnabled) diff --git a/views/logout-complete.vm b/views/logout-complete.vm index 4bf0a62..d780252 100644 --- a/views/logout-complete.vm +++ b/views/logout-complete.vm @@ -16,13 +16,14 @@ ## - + + #springMessageText("idp.title", "Web Login Service") - + - +
@@ -44,7 +45,7 @@ #if ( $profileRequestContext.getProfileId().contains("saml2/logout") ) - #end